<?php
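// Optional "newpass" request flag; user() sets it to 1 when the account row
// asks for a password change on this login.
// NOTE(review): the value comes straight from the request, so code that reads
// $newpass later must not treat it as proof that the server asked for a
// password change - confirm how it is consumed.
$newpass = isset($_REQUEST['newpass']) ? $_REQUEST['newpass'] : 0;

// Run the login routine only while the session is not authenticated.
// empty() treats a missing 'logini' key like false, so a first visit with a
// fresh session raises no undefined-index notice.
if ( empty($_SESSION['logini']) )
{
    user();
}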

// ----------------------- Functions ---------------------------------------------------------------------------------------------

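/**
 * Check the submitted login form against the customerdata table and record
 * the outcome in the session.
 *
 * Reads 'username' (the account e-mail) and 'password' from $_REQUEST. On a
 * match it sets $_SESSION['logini'] to true, stores 'customerid' and
 * 'langpair' in the session, resets the failed-attempt counter and, when the
 * row has newpassword = 1, sets the global $newpass to 1 and clears the flag.
 * On a mismatch it sets $_SESSION['logini'] to false, writes a message to the
 * global $error and increments the 'tries' counter.
 *
 * Security notes for maintainers:
 * - NOTE(review): credentials are read from $_REQUEST, which also covers the
 *   query string; a login submitted by GET ends up in access logs and browser
 *   history. Consider restricting this to $_POST once callers are confirmed.
 * - NOTE(review): passwords are stored as unsalted MD5, which is not a
 *   password hash. Migrate to password_hash()/password_verify() and rehash on
 *   the next successful login. The md5() call stays here because the stored
 *   column values depend on it.
 * - NOTE(review): the 'tries' counter is advisory only. A correct password
 *   still logs in and resets the counter whatever its value, so it does not
 *   slow down password guessing.
 * - ext/mysql was removed in PHP 7.0; the durable fix for the queries below is
 *   prepared statements through mysqli or PDO.
 *
 * @return void
 */
function user() {

    global $error,$newpass;

    // Accept plain strings only: a request such as password[]=x would
    // otherwise hand an array to md5() and to the SQL string.
    $username = ( isset($_REQUEST['username']) && is_string($_REQUEST['username']) ) ? $_REQUEST['username'] : '';
    $password = ( isset($_REQUEST['password']) && is_string($_REQUEST['password']) ) ? $_REQUEST['password'] : '';

    // Hashing (see the MD5 note in the function header).
    if ( $password !== '' )
    {
        $password = md5($password);
    }

    // 'E-Mail' is treated like an empty username, i.e. as no input.
    $has_username = ( $username !== '' && $username !== 'E-Mail' );

    if ( $has_username && $password !== '' )
    {
        // The e-mail is attacker-controlled and is placed inside a quoted SQL
        // literal, so it must be escaped for the current connection first.
        $username_sql = mysql_real_escape_string( $username );

        $sql = "SELECT password,registered,customerid,newpassword FROM customerdata where email ='" . $username_sql . "'";

        // DB Query. Driver error text goes to the server log, not to the
        // client, so table and column names are not disclosed.
        $db_res = mysql_query( $sql );
        if ( ! $db_res ) { error_log( 'Login query failed: ' . mysql_error() ); die( 'Error query' ); }

        $num_rows = mysql_num_rows($db_res);

        // if no customer
        if ( $num_rows == 0 )
        {
            $_SESSION['logini'] = False;
            $error = "Login-Daten nicht korrekt! Bitte noch einmal eingeben.";
        }
        else
        {
            while ($row = mysql_fetch_array( $db_res, MYSQL_ASSOC))
            {
                if ( $row['registered'] == 2 )
                {
                    // NOTE(review): this message is shown before the password
                    // is checked, so it tells anyone whether an address has a
                    // pending registration.
                    $_SESSION['logini'] = False;
                    $error = "Dein Konto wurde noch nicht best&auml;tigt! &Uuml;berpr&uuml;fe Deine E-Mails und best&auml;tige die Registrierungs-E-Mail.";
                }
                // Strict comparison: with "==" two hex digests that both look
                // like "0e<digits>" compare as equal numbers.
                elseif ( (string) $row['password'] === $password )
                {
                    // Issue a fresh session id at the moment the session
                    // becomes authenticated, so an id known before login
                    // cannot be reused afterwards.
                    if ( session_id() !== '' )
                    {
                        session_regenerate_id( true );
                    }

                    //    $_SESSION['username'] = $username;
                    $_SESSION['logini'] = True;
                    $_SESSION['customerid'] = $row['customerid'];

                    // customerid is used unquoted in the statement, so it is
                    // forced to an integer before concatenation.
                    $sql5 = "select langpair from settings where customerid = ". (int) $row['customerid'];
                    $db_sel5 = mysql_query( $sql5 );
                    if ( ! $db_sel5 ) { error_log( 'Login query failed: ' . mysql_error() ); die( 'Error query' ); }
                    while ($row2 = mysql_fetch_array( $db_sel5, MYSQL_ASSOC))
                    {
                        $_SESSION['langpair'] = $row2['langpair'];
                    }

                    // Successful login: reset the failed-attempt counter.
                    $sql4 = "update customerdata set tries = 0 where email ='" . $username_sql . "' ";
                    $db_upd4 = mysql_query( $sql4 );
                    if ( ! $db_upd4 ) { error_log( 'Login query failed: ' . mysql_error() ); die( 'Error query' ); }

                    if ( $row['newpassword'] == 1 )
                    {
                        // to request for new password
                        $newpass = 1;
                        // to request only the first time
                        $sql1 = "update customerdata set newpassword = 0 where email ='" . $username_sql . "' ";
                        $db_upd = mysql_query( $sql1 );
                        if ( ! $db_upd ) { error_log( 'Login query failed: ' . mysql_error() ); die( 'Error query' ); }
                    }
                }
                else
                {
                    $_SESSION['logini'] = False;
                    $error = "Login-Daten nicht korrekt! Bitte noch einmal eingeben.";

                    // Count the failed attempt, then read the counter back.
                    $sql2 = "update customerdata set tries = tries + 1 where email ='" . $username_sql . "' ";
                    $db_upd2 = mysql_query( $sql2 );
                    if ( ! $db_upd2 ) { error_log( 'Login query failed: ' . mysql_error() ); die( 'Error query' ); }
                    $sql3 = "SELECT tries FROM customerdata WHERE email='" . $username_sql . "'";
                    $db_sel3 = mysql_query( $sql3 );
                    if ( ! $db_sel3 ) { error_log( 'Login query failed: ' . mysql_error() ); die( 'Error query' ); }
                    // Separate variable so the outer loop's $row is not overwritten.
                    while ($tries_row = mysql_fetch_array( $db_sel3, MYSQL_ASSOC))
                    {
                        if ( $tries_row['tries'] > 7 )
                        {
                            $error .= ' Du hast 8 oder mehr Loginversuche benötigt, bitte lass Dir ein neues Passwort zusenden:&nbsp;<a href="passwort-vergessen.html">Neues Passwort</a>';
                        }
                    }
                }
            }
        }
    }
    elseif ( $password !== '' && ! $has_username )
    {
        // A password without a usable username gets the same generic message
        // as a wrong password.
        $_SESSION['logini'] = False;
        $error = "Login-Daten nicht korrekt! Bitte noch einmal eingeben.";
    }
}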

?>